Hi Luke, We are using Kafka 2.8.1 Broker/Client system in our prod env. Due to the Log4j vulnerability CVE-2021-44228, CVE-2021-45046, CVE-2021-4104 and CVE-2021-45105, we are waiting for kafka to upgrade to Log4j 2.17.
Our Customers are asking why Kafka is using obsolete log4j1.x version. Please let us know when Kafka is planned to upgrade the Log4j version? Thanks in advance. Regards, Deepak
